On 5 Dec 2008 at 18:21, Javier Martínez wrote:

> Have you said me that I'm obsoleted?, ok, I agreed with you... o:),
> but since I don't use xorg in servers... no problem. You still having
> the other problems I commented.

if you mean the /dev/mem issue, it's been solved to an extent in grsec for a long time now as it restricts what range in that device you can actually access - no physical memory for a start, so your trick of patching anything in kernel memory wouldn't fly. current 2.6 series also try to offer something like that (CONFIG_STRICT_DEVMEM) but as usual it's somewhat broken.

> One question, somebody knows what made
> xorg incompatible with pax mprotect restrictions in earlier versions?.

it was the so-called elfloader, which was the X module loader supported and used by most distros back in the day. it handled .o files (ET_REL type in ELF terms) and performed relocation and symbol resolution itself.

> I put you a link that is newer than the link that Brian Kroth posted
> and still having the incompatibilities on:
> http://www.gentoo.org/proj/en/hardened/pax-quickstart.xml, maybe a
> mistake?

yes, from a quick glance, many of these hardened docs could do with a little update ;).
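
Added example, not part of the original message and not code from PaX, grsecurity or X.org: a small Python check that reads an ELF file's type and counts the relocation entries that apply to executable sections, which is the patching a loader handling ET_REL modules has to do itself at load time. The function names and the sample headers are constructed for illustration.

```python
import struct

ET_NAMES = {1: "ET_REL", 2: "ET_EXEC", 3: "ET_DYN", 4: "ET_CORE"}
SHT_RELA, SHT_REL, SHF_EXECINSTR = 4, 9, 0x4

def code_relocs(data):
    """Return (ELF type name, relocation entries that patch executable sections)."""
    if data[:4] != b"\x7fELF" or data[4] not in (1, 2) or data[5] not in (1, 2):
        raise ValueError("not an ELF file")
    end = "<" if data[5] == 1 else ">"
    e_type, = struct.unpack_from(end + "H", data, 16)
    if data[4] == 2:   # ELFCLASS64
        shoff, = struct.unpack_from(end + "Q", data, 40)
        shentsize, shnum = struct.unpack_from(end + "HH", data, 58)
        fmt = end + "IIQQQQIIQQ"
    else:              # ELFCLASS32
        shoff, = struct.unpack_from(end + "I", data, 32)
        shentsize, shnum = struct.unpack_from(end + "HH", data, 46)
        fmt = end + "10I"
    # Fields: name, type, flags, addr, offset, size, link, info, addralign, entsize
    secs = [struct.unpack_from(fmt, data, shoff + i * shentsize) for i in range(shnum)]
    count = 0
    for s in secs:
        target = s[7]  # sh_info: index of the section the relocations apply to
        if s[1] in (SHT_REL, SHT_RELA) and s[9] and target < len(secs):
            if secs[target][2] & SHF_EXECINSTR:
                count += s[5] // s[9]
    return ET_NAMES.get(e_type, hex(e_type)), count

def sample(e_type, reloc_target):
    """Constructed 64-bit little-endian ELF: file header plus three section headers only."""
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", e_type, 62, 1, 0, 0, 64, 0, 64, 0, 0, 64, 3, 0)
    sh = lambda *f: struct.pack("<IIQQQQIIQQ", *f)
    return (ehdr + sh(*[0] * 10)
            + sh(0, 1, 6, 0, 0, 16, 0, 0, 16, 0)                     # .text-like: ALLOC|EXECINSTR
            + sh(0, SHT_RELA, 0, 0, 0, 48, 0, reloc_target, 8, 24))  # two 24-byte RELA entries

if __name__ == "__main__":
    print(code_relocs(sample(1, 1)))  # module shaped like a .o
    print(code_relocs(sample(3, 0)))  # shared-object shape, relocations not aimed at code
```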
